That's a shocking admission, but Wrosch's sentiment is backed up by data. The firm Dun & Bradstreet estimates that approximately 20 percent of the registration data in government databases is inaccurate, complicating tax collection and enabling fraud.

Besides, Wrosch said, business identity theft isn't a front burner issue in his state. "We're not hearing about it from local law enforcement or anecdotally," he said. That could be because there are no crimes to report, or because businesses are loath to admit when they've been defrauded. Whatever the case, with few reports, it's hard to justify dedicating the resources and money to address the problem, Wrosch said. Add to that the fact that, in many states, implementing new and more secure business registries requires legislative action of some kind to approve the additional budget to fund the new system. In Colorado, despite public attention to the problem, it's still a year to win funding to implement business registry security features, said Secretary of State Gessler.

A said that online business registries have improved the speed and ease of registration over older, paper-based processes and can "strengthen agencies' mission capabilities in such areas as regulation and oversight, collection of revenue and fees, transparency, and economic development." But state agencies must fix the problem of what D&B called "inadequate data-quality checks" that have "enabled criminals to use government websites to steal the identities of legitimate businesses to perpetrate crimes."

The firm said states should take a number of steps to secure their filing systems and make them more akin to private sector systems. Those steps include proving the identity of those registering a new business or attempting to alter data for an existing firm, then providing them with a unique identifier and password to limit access to that data. But states will also need to invest significantly in support, management and oversight to ensure the continued integrity of their business registries and the data in them, D&B said.

The NASS also recommended a series of changes in their report, chief among them the establishment of cyber security policies and practices to secure online business records and prevent unauthorized changes. NASS also called for better reporting and tracking of business identity thefts and new laws that empower secretaries of state to investigate fraudulent filings, raise the burden of proof for those seeking to resurrect a dissolved business entity and impose stiff penalties for cases of proven business identity theft.